8,965 tools
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A panic button application that triggers coordinated emergency responses across multiple connected security applications and systems.
A panic button application that triggers coordinated emergency responses across multiple connected security applications and systems.
BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.
BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.
A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.
A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.
VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.
VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.
A daemon for blocking USB keystroke injection devices on Linux systems
A daemon for blocking USB keystroke injection devices on Linux systems
Turbinia is an open-source framework for automating the running of common forensic processing tools to help with processing evidence in the Cloud.
Turbinia is an open-source framework for automating the running of common forensic processing tools to help with processing evidence in the Cloud.
A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.
A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
Stenographer is a high-performance full-packet-capture utility for intrusion detection and incident response purposes.
Santa is a macOS binary and file access authorization system that monitors executions and makes allow/block decisions based on local database rules.
Santa is a macOS binary and file access authorization system that monitors executions and makes allow/block decisions based on local database rules.
Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.
Rekall is a discontinued project that aimed to improve memory analysis methodology but faced challenges due to the nature of in-memory structure and increasing security measures.
A multi-threaded, feedback-driven evolutionary fuzzer that uses low-level process monitoring to discover security vulnerabilities in software applications.
A multi-threaded, feedback-driven evolutionary fuzzer that uses low-level process monitoring to discover security vulnerabilities in software applications.
gVisor is a Go-based application kernel that provides enhanced container isolation by implementing Linux system calls and limiting host kernel exposure through its runsc OCI runtime.
gVisor is a Go-based application kernel that provides enhanced container isolation by implementing Linux system calls and limiting host kernel exposure through its runsc OCI runtime.
Incident response framework focused on remote live forensics
Incident response framework focused on remote live forensics
A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.
A tool for translating Dalvik bytecode to Java bytecode for analyzing Android applications.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.
A Python tool for patching Dalvik bytecode in DEX files and assisting in Android application analysis
A Python tool for patching Dalvik bytecode in DEX files and assisting in Android application analysis
A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.
A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.
A standalone binary inspection tool for Android developers with support for various formats and dependencies.
A standalone binary inspection tool for Android developers with support for various formats and dependencies.
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
POFR is a Linux forensic data collection system that captures process execution, file access, and network activity for incident response and compliance analysis.
AWS Web Application Firewalls (WAFs) are cloud-based security services that protect web applications and APIs from internet-based attacks through customizable filtering rules and centralized management capabilities.
AWS Web Application Firewalls (WAFs) are cloud-based security services that protect web applications and APIs from internet-based attacks through customizable filtering rules and centralized management capabilities.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.
A printer honeypot PoC that simulates a printer on a network to detect and analyze potential attackers.